Insider threat incident at Technology Company

Background

SARAL TECH PVT. LTD., a mid-sized technology firm in India specializing in software solutions for the healthcare sector, faced a significant internal security breach. Despite its rigorous security protocols, the company encountered an insider threat: an employee accessed sensitive client data without authorization and shared it with a competitor.

Problem

This incident posed a severe risk to SARAL TECH, compromising the confidentiality of crucial client information and proprietary technologies. The situation threatened the company’s reputation and could potentially lead to substantial financial losses.

Solution

To address this critical issue, SARAL TECH engaged with Dr. Kaushal Bhavsar for a comprehensive investigation. The approach included:

  • Incident Investigation:
    • Preliminary analysis to determine the breach’s scope.
    • Preserving evidence, including hash-verified disk images (FTK Imager) and network logs, before any remediation changed the affected systems.
  • Forensic Analysis:
    • Utilizing EnCase Forensic for in-depth digital investigations.
    • Constructing a timeline of the employee’s activities from Windows logon events, Sysmon records and file access logs, with Splunk used to correlate them across hosts.
    • Recovering deleted files and examining network captures (Wireshark) for data sent to external hosts.
  • Identification of the Suspect:
    • Analyzing behavioral patterns and access logs to correlate unauthorized activities with a specific user.
  • Collaboration with Legal and HR Teams:
    • Ensuring legal compliance and working with Human Resources for protocol adherence during the investigation.
  • Security Enhancement Recommendations:
    • Providing a report with improvement areas in security.
    • Recommending employee training on security protocols and data handling.
  • Closure and Hardening:
    • Officially closing the incident once legal action was under way.
    • Implementing updated access controls and two-factor authentication using Google Authenticator.
    • Regular security audits and recurring vulnerability scans with Nessus. Nessus finds unpatched and misconfigured systems; detecting further misuse of valid credentials still depends on the log-based monitoring (Windows event logs, Sysmon, Splunk) used during the investigation.
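The timeline and correlation steps above (a per-user timeline from logon and file access events, then looking for the access pattern that points at one account) are shown here as an added example; it is not code from the case study or from the investigator. The event records, user names, share paths, corporate address ranges and thresholds are all constructed for illustration; the event IDs are the real Windows Security (4624 logon, 4663 object access) and Sysmon (3 network connection) ones, shaped as they might look after field extraction in Splunk.

```python
"""Per-user activity timeline and insider-threat triage over Windows event
records. Added illustration, not code from the original case study; the
records below are constructed, the event IDs are the real Windows/Sysmon ones."""
from collections import defaultdict
from datetime import datetime, time, timedelta
from ipaddress import ip_address, ip_network

# Constructed records. 4624 = logon (type 2 interactive, 10 remote desktop),
# 4663 = object access on a file share, Sysmon 3 = outbound network connection.
SAMPLE_EVENTS = [
    {"time": "2018-07-30T09:02:11", "id": 4624, "user": "alice", "detail": "LogonType=2"},
    {"time": "2018-07-30T09:15:40", "id": 4663, "user": "alice", "detail": r"\\FS01\Clients\HospitalA\contract.docx"},
    {"time": "2018-07-30T10:03:12", "id": 4663, "user": "bob",   "detail": r"\\FS01\Clients\HospitalA\spec.docx"},
    {"time": "2018-07-30T22:47:03", "id": 4624, "user": "alice", "detail": "LogonType=10"},
    {"time": "2018-07-30T22:51:19", "id": 4663, "user": "alice", "detail": r"\\FS01\Clients\HospitalB\pricing.xlsx"},
    {"time": "2018-07-30T22:53:02", "id": 4663, "user": "alice", "detail": r"\\FS01\Clients\HospitalC\roadmap.pptx"},
    {"time": "2018-07-30T22:55:44", "id": 4663, "user": "alice", "detail": r"\\FS01\Clients\HospitalD\sla.pdf"},
    {"time": "2018-07-30T23:04:10", "id": 3,    "user": "alice", "detail": "DestinationIp=203.0.113.7 DestinationPort=443"},
]

# Assumed site parameters (hypothetical values for this example).
BUSINESS_HOURS = (time(8, 0), time(19, 0))
SENSITIVE_PREFIX = "\\\\FS01\\Clients\\"          # where client data lives
CORP_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
BULK_DISTINCT = 3                                 # distinct client folders ...
BULK_WINDOW = timedelta(minutes=30)               # ... touched within this window
EXFIL_WINDOW = timedelta(minutes=15)              # external connection after access


def build_timeline(events):
    """Group events by user and sort each user's list chronologically."""
    timeline = defaultdict(list)
    for e in events:
        timeline[e["user"]].append((datetime.fromisoformat(e["time"]), e["id"], e["detail"]))
    for user in timeline:
        timeline[user].sort()
    return dict(timeline)


def is_off_hours(ts):
    return not (BUSINESS_HOURS[0] <= ts.time() < BUSINESS_HOURS[1])


def client_folder(path):
    """Return the client folder under the sensitive share, or None if not under it."""
    if not path.startswith(SENSITIVE_PREFIX):
        return None
    return path[len(SENSITIVE_PREFIX):].split("\\")[0]


def external_ip(detail):
    """Destination address from a Sysmon 3 record if it is outside corporate ranges."""
    for part in detail.split():
        if part.startswith("DestinationIp="):
            ip = ip_address(part.split("=", 1)[1])
            if not any(ip in net for net in CORP_NETS):
                return ip
    return None


def flag_anomalies(timeline):
    """Three triage rules per user; returns (user, rule, time, detail) tuples."""
    findings = []
    for user, events in timeline.items():
        sensitive = [(ts, d) for ts, eid, d in events if eid == 4663 and client_folder(d)]
        # Rule 1: client data read outside business hours.
        for ts, d in sensitive:
            if is_off_hours(ts):
                findings.append((user, "off_hours_access", ts, d))
        # Rule 2: many distinct client folders touched in a short window (bulk collection).
        for i, (ts, _) in enumerate(sensitive):
            folders = {client_folder(d2) for ts2, d2 in sensitive[i:] if ts2 - ts <= BULK_WINDOW}
            if len(folders) >= BULK_DISTINCT:
                findings.append((user, "bulk_client_access", ts, sorted(folders)))
                break
        # Rule 3: outbound connection to a non-corporate host shortly after such access.
        for ts, eid, d in events:
            if eid == 3 and external_ip(d) and any(
                t2 <= ts and ts - t2 <= EXFIL_WINDOW for t2, _ in sensitive
            ):
                findings.append((user, "external_connection_after_access", ts, d))
    return findings


if __name__ == "__main__":
    for finding in flag_anomalies(build_timeline(SAMPLE_EVENTS)):
        print(finding)
```

Each rule is weak on its own (a night-shift developer trips rule 1 every day), which is why the findings are grouped per user: one account hitting all three within a quarter of an hour is the correlation the case study describes. A real run would pull the same fields from Splunk or exported Event Viewer logs, and the flagged events are leads for the forensic examination, not proof by themselves.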

Results

The meticulous investigation led to:

  • Culprit Identification: The responsible employee was identified, terminated, and legal actions were initiated.
  • Enhanced Security Measures: Implementation of stronger security protocols, including updated access controls and regular audits, effectively fortified the company’s cybersecurity posture and restored trust.

The collaborative effort between SARAL TECH and Dr. Bhavsar successfully mitigated the insider threat, ensuring the security and integrity of sensitive data.

  • Date: August 13, 2018
  • Tools used: Active Directory | EnCase Forensic | FTK Imager | Google Authenticator | HR Database Analysis Tools | Nessus | Splunk | Sysmon | Windows Event Viewer | Wireshark